PEAR Bloghttp://blog.pear.php.net
Official pear.php.net blogTue, 28 Oct 2014 23:21:34 +0000enhourly1http://wordpress.org/?v=3.1.2Security Vulnerability Announcementhttp://blog.pear.php.net/2014/10/28/security-html_ajax/
http://blog.pear.php.net/2014/10/28/security-html_ajax/#commentsTue, 28 Oct 2014 23:21:34 +0000cweiskehttp://blog.pear.php.net/?p=130Continue reading →]]>A vulnerability in the HTML_AJAX package has been found which allows arbitrary remote code execution. All versions of the package from 0.4.0 up to and including release 0.5.6 are affected by this.

An new release of the package is available which fixes this issue. One is strongly encouraged to upgrade to it by using:

Version 1.9.5 will be the first release of the PEAR installer since 3 years, and thus needs quite some testing before declaring it stable. Instead of using “RC1″, we opted for “dev1″ to keep the stability below alpha, so that upgrading normal packages in alpha/beta state do not automatically give you a potentially unstable PEAR version.

You can upgrade your existing PEAR version with the following command:$ pear upgrade PEAR-1.9.5dev1

Pre-release versions of go-pear.phar and install-pear-nozlib.phar can be temporarily be found at

]]>http://blog.pear.php.net/2014/06/27/pear-1-9-5dev1/feed/2What would you do with 5 million lines of code?http://blog.pear.php.net/2012/01/24/what-would-you-do-with-5-million-lines-of-code/
http://blog.pear.php.net/2012/01/24/what-would-you-do-with-5-million-lines-of-code/#commentsTue, 24 Jan 2012 14:05:29 +0000doconnorhttp://blog.pear.php.net/?p=106Continue reading →]]>Since October 2011, 5 million lines of the PEAR codebase has shifted to github.

Hand in hand with this shift has been the tireless work of Daniel C – someone who brazenly said “I will fix the failing packages!” in the tail end of last year.

I’d like to thank Daniel C for his efforts to date, as well as the contributors who may have previously lurked or found themselves distracted by other concerns.
Dec/Jan has been a great and vigorous period for the project – I heartily look forward to a great 2012.

In particular I’d like to highlight the efforts of meldra and Gemorroj.
With XML_Feed_Parser hosted on github, Meldra has been able to provide all of the patches that have been sitting in the wings internally back to PEAR, with no fuss.
Faced with a backwards compability requirement on Image_Barcode, Gemorroj contributed heavily to an Image_Barcode2.

Having watched these two individuals over the last few weeks provide new vigour and input to some of our underloved packages, I’d like to put a challenge out to the community.

If you have a patch we have pushed back on because of backwards compatibility concerns, talk to us about making the next significant version of that package – we’ll get the code on github and help you get what you need.

No red tape. No run around. Just a solution to your problem by creating an appropriate fork, and a new major version to avoid any BC concerns.

If you have fixes for defects or enhancements being used within your organisation – send us a pull request.

PEAR is about providing the PHP community with reusable, effective components – this has been our mission since day 1.
If there is anything we can do to make that goal happen, to assist you as an individual or company, I would strongly encourage you to let us know – we’re here to help.

]]>http://blog.pear.php.net/2011/12/18/welcome-to-new-contributors/feed/2PEAR Development on Githubhttp://blog.pear.php.net/2011/11/05/pear-development-on-github/
http://blog.pear.php.net/2011/11/05/pear-development-on-github/#commentsSun, 06 Nov 2011 00:52:47 +0000doconnorhttp://blog.pear.php.net/?p=99Continue reading →]]>Like many other projects, many components of PEAR have started a migration to github.

While the existing PEAR packages will continue to use the pear.php.net distribution and bug tracking capabilities; it’s never been easier to contribute to a PEAR package – simply fork; add your changes and send us a pull request.

If your preferred packages aren’t yet on github, please feel free to drop us a line on the pear-dev mailing list.

]]>http://blog.pear.php.net/2011/11/05/pear-development-on-github/feed/3Newly stable packages in PEARhttp://blog.pear.php.net/2011/10/30/newly-stable-packages-in-pear/
http://blog.pear.php.net/2011/10/30/newly-stable-packages-in-pear/#commentsMon, 31 Oct 2011 00:50:30 +0000doconnorhttp://blog.pear.php.net/?p=96Continue reading →]]>We’ve had 60 releases since July. While most are often minor improvements or bug fixes; a number of packages really stand out.

Net_DNS2, and HTTP_Request2. Each of these packages represents the second edition of their respective APIs; each having been honed over time to a point of stability.

If you have an existing project using Net_DNS or HTTP_Request; it is highly recommended you evaluate these new stable releases.

]]>http://blog.pear.php.net/2011/10/30/newly-stable-packages-in-pear/feed/0PEAR in July 2011http://blog.pear.php.net/2011/07/09/pear-in-july-2011/
http://blog.pear.php.net/2011/07/09/pear-in-july-2011/#commentsSat, 09 Jul 2011 14:36:44 +0000doconnorhttp://blog.pear.php.net/?p=90Continue reading →]]>There’s nothing quite like having your blogging system go MIA for a while to give your community an overwhelming impression that no one is home.

Thankfully; despite the radio silence between updates there’s quite a lot to talk about!

Most exciting from my perspective? We’ve seen an explosion in the number of PEAR channels available – at this time, we know of no less than 55 different channels, from those with one small component to those with hundreds.
This is coupled with conversationsinthecommunity; around how PHP projects can create a robust; diverse ecosystem based on some of the core concepts built into PEAR; and how PEAR itself continues on.

Speaking of the future of PEAR, Pyrus is absolutely worth a look if you are working in a PHP 5.3+ environment.

The final place I’d like to throw the spotlight on is HTML_QuickForm2. If you are a user of the original HTML_QuickForm but haven’t thought about upgrading; this is the package for you.
The API is much cleaner, there are at least 3 plugins being proposed via PEPr at the moment; and it’s a snap to extend it to render really slick HTML5 controls.

]]>http://blog.pear.php.net/2011/07/09/pear-in-july-2011/feed/0PEAR in Augusthttp://blog.pear.php.net/2010/08/14/pear-in-august/
http://blog.pear.php.net/2010/08/14/pear-in-august/#commentsSat, 14 Aug 2010 16:10:36 +0000doconnorhttp://blog.pear.php.net/?p=84Continue reading →]]>What’s the pear project been up to recently? We’ve been fairly quiet, launching pear2 and pyrus into the line up, welcoming new faces to the QA team, Jesús Espino, and getting ready to call an election for the new pear group.

]]>http://blog.pear.php.net/2010/08/14/pear-in-august/feed/1Google code channels work againhttp://blog.pear.php.net/2010/05/28/google-code-channels-work-again/
http://blog.pear.php.net/2010/05/28/google-code-channels-work-again/#commentsSat, 29 May 2010 06:35:07 +0000cweiskehttp://blog.pear.php.net/?p=81Continue reading →]]>After the recent problems regarding the usage of PEAR channels hosted in google code SVN repositories, we are glad to announce that the problem has been fixed on both sides!

Reason for the problem was that PEAR sent HTTP “Host:” headers with the port included, i.e. “Host: pear.php.net:80″. This is completly valid according to the HTTP/1.0 specification, and it worked with all of the channels – except those from Google.

Google fixed their HTTP servers to accept Hosts with port numbers, and we at PEAR fixed the PEAR installer not to add the port to HTTP host headers. Version 1.9.1 of PEAR includes that fix.